Gentoo Forums
User Account Management

jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Wed Jan 24, 2007 1:29 pm    Post subject: User Account Management

Hi All.


What's the best way of doing this...

I need to create a lot of user accounts, but want to relieve the admin burden a little, so that when I've created a new user account it automatically has the user name as the password, and the user is forced to change the password on first login.

I don't want anyone to HAVE to change their password regularly after that, just on first login.


Any help is greatly received :)



Cheers,
jcat

modified_bessel
Tux's lil' helper

Joined: 16 Jul 2004
Posts: 101
Location: Cote d'Azur, France

Posted: Wed Jan 24, 2007 3:09 pm

I assume you have some sort of script to generate the new user account to start with, initializing the <username> and initial password? In the script, you then add, at the end,

Code:
passwd -e  <username>


so that thereafter the user password immediately expires; at his next login he is therefore forced to provide a new password.

See other options in
man passwd

jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Wed Jan 24, 2007 3:34 pm

I'm trying to create a script at the moment. But the problem is that I want a script that I can use in the form of:

Code:
./user-creation-script.sh USERNAME


But I want all new users to have their user name as their initial password. How can I do this within a script without needing to enter the information three times: once for the user name, then twice to enter the password (including the confirmation)? I just want to execute the script with the user name as the argument, and that's it.

Any ideas?




Cheers,
jcat

modified_bessel
Tux's lil' helper

Joined: 16 Jul 2004
Posts: 101
Location: Cote d'Azur, France

Posted: Wed Jan 24, 2007 3:38 pm

OK, it is the script that you need! I will go play for a little while and get back soon.

jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Wed Jan 24, 2007 4:10 pm

Ok, thanks. :)


I can create most of the script, but if I use the passwd command it will require user input twice for the password. What I want to do is avoid those extra steps and do it all with the one script, entered once from the command line.

That may sound lazy, but if you're adding 50 users it's a quick way to RSI! :lol:

I appreciate your help!



Cheers,
jcat

BlackEdder
Advocate

Joined: 26 Apr 2004
Posts: 2588
Location: Dutch enclave in Egham, UK

Posted: Wed Jan 24, 2007 4:50 pm

The following link describes how to set passwd from a script (with the expect command):
http://www.faqs.org/faqs/unix-faq/faq/part3/section-9.html

jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Wed Jan 24, 2007 5:12 pm

I may be missing something obvious (it wouldn't be the first time), but I don't have the expect command on my system. It's not a program or a shell built-in.

Any ideas?




Cheers,
jcat

BlackEdder
Advocate

Joined: 26 Apr 2004
Posts: 2588
Location: Dutch enclave in Egham, UK

Posted: Wed Jan 24, 2007 6:09 pm

Apparently you need to emerge it

Quote:
* dev-tcltk/expect
Latest version available: 5.42.1-r1
Latest version installed: [ Not Installed ]
Size of files: 512 kB
Homepage: http://expect.nist.gov/
Description: tool for automating interactive applications
License: BSD

modified_bessel
Tux's lil' helper

Joined: 16 Jul 2004
Posts: 101
Location: Cote d'Azur, France

Posted: Thu Jan 25, 2007 9:49 am

This (tiny) script will do the following:
(1) Entering ./user-creation-script.sh USERNAME, as root, creates a new account, login USERNAME and password USERNAME.
(2) It sets the validity of the password for 1 day, so the USER can log in so as to be able to change the password anytime within 24 hours.
(3) The user just has to log in, and type "passwd", and he will be prompted to change the password and confirm it.

With a lot of users, you might need to incorporate in the script a line or two to scan /etc/passwd to make sure that the USERNAME doesn't already exist (i.e. report an error to you...); maybe it could also be automated to read a list of USERNAMES from a file... etc.

Is this sort of what you are looking for?


Code:

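#!/bin/bash
# Usage (as root): ./user-creation-script.sh USERNAME

# Create the account; -f 1 sets the inactive period (days after password
# expiry) to 1, and USERNAME is passed as the -p value.
useradd -f 1 -p $1  $1
# Expire the password so that it has to be changed at the next login.
passwd  -e $1

exit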


UncleOwen
Veteran

Joined: 27 Feb 2003
Posts: 1493
Location: Germany, Hamburg

Posted: Thu Jan 25, 2007 11:19 am

modified_bessel wrote:
(2) It sets the validity of the password for 1 day, so the USER can log in so as to be able to change the password anytime within 24 hours.
Code:

useradd -f 1 -p $1  $1

Doesn't that mean that EVERY password will expire after one day? Even the ones the user set for themselves?

Also, with -p you will have to supply the encrypted password.

jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Thu Jan 25, 2007 11:24 am

UncleOwen wrote:
modified_bessel wrote:
(2) It sets the validity of the password for 1 day, so the USER can log in so as to be able to change the password anytime within 24 hours.
Code:

useradd -f 1 -p $1  $1

Doesn't that mean that EVERY password will expire after one day? Even the ones the user set for themselves?

Also, with -p you will have to supply the encrypted password.



I think you're right. Is there any way to generate the encrypted password to use with -p?



Cheers,
jcat

modified_bessel
Tux's lil' helper

Joined: 16 Jul 2004
Posts: 101
Location: Cote d'Azur, France

Posted: Thu Jan 25, 2007 12:23 pm

The normal lifetime of the password is determined by the maximum age (usually 99999 days in Gentoo default). However, as root, I force it to expire in one day with the specific command "passwd -e $1"; the one day part is determined by the "-f 1" option in "useradd -f 1 -p $1 $1". After the new password is entered, the lifetime will still be the 99999 days, unless the admin changes it expressly, or issues another command similar to "passwd -e $1".

As regards the encrypted password, I am not sure. I read the same as you, but in trying the script, it worked like a charm. I made a new user with the script, rebooted, signed in as the new user with the same password as username, and off it went! Checking "passwd -aS" clearly shows the new account is going to expire in one day!

Since it is trivial to implement, please try it and let me know what you find on your machine; if there is a problem, I will try another route!

All the best!
Back to top
View user's profile Send private message
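
Added example, not part of any post in this thread: one way to do what the thread asks, assuming the shadow-utils tools useradd, chpasswd and chage are installed. chpasswd takes the cleartext on standard input and hashes it itself, so no encrypted string for -p is needed, and chage -d 0 forces a change at the next login without -f or any recurring expiry; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): force a password change at first
# login only. Assumes shadow-utils (useradd, chpasswd, chage); run as root.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# Accept conservative login names only: a lowercase letter or '_' first,
# then lowercase letters, digits, '_' or '-', at most 32 characters.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Succeeds if the name is present in a passwd-format file (default /etc/passwd).
user_exists() {
    grep -q "^$1:" "${2:-/etc/passwd}"
}

# chpasswd reads "name:cleartext" lines on stdin, so the password never
# appears in the process list and nothing has to be typed twice.
chpasswd_line() {
    printf '%s:%s\n' "$1" "$2"
}

create_user() {
    name=$1
    valid_username "$name" || { echo "invalid user name: $name" >&2; return 2; }
    user_exists "$name" && { echo "user already exists: $name" >&2; return 3; }
    useradd -m "$name" || return 1
    # Initial password equals the user name, as requested in the thread.
    chpasswd_line "$name" "$name" | chpasswd || return 1
    # Last-change date 0 forces a change at the next login; the maximum
    # password age is left alone, so nothing expires again afterwards.
    chage -d 0 "$name"
}

# Acts only when names are given, e.g. ./user-creation-script.sh alice bob
for u in "$@"; do
    create_user "$u" || exit $?
done
```

A password equal to the login name is guessable until the first login, so for accounts that may sit unused pass a randomly generated value as the second argument of chpasswd_line instead.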
jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Thu Jan 25, 2007 12:51 pm

Great! I'll try this today and report back :)



Cheers,
jcat

jcat
Veteran

Joined: 26 May 2006
Posts: 1337

Posted: Tue Jan 30, 2007 1:14 pm

Sorry guys, haven't had time for this again this week. I will report back once I've tried and tested.

Thanks for all the help anyhow :)




Cheers,
jcat